Three years on, we take a look at some of the biggest GDPR fines to date. Although we are focusing on the biggest fines (and therefore the bigger, well-known brands), it’s important to remember that this can happen to any type of organisation, whether they are small, medium or large.
Google: Fined for not making it clear what user's data would be used for (£43.2 million)
Have you made your consumer data processing statement easily accessible to your customers? Do you have consent from your users to use their data in the way you are using it?
Whenever you collect customer or prospect data, you must explain what that data will be used for and users must accept or decline your use to do so. In the example of Google, it was not transparent that users data would be used to target ads, which led to this substantial fine.
H&M: Fined for secretly monitoring hundreds of employees (£32.1 million)
Are you monitoring your employees without their permission?
Similarly to customer data, when it comes to any data being collected about a member of staff, it is important that you detail why you are collecting that data, what it will be used for and who it will be shared with. In the example of H&M they recorded videos of staff returning from holiday or sick leave and this data was shared with managers. Employees were unaware this was happening, which led to the fine H&M received.
British Airways: Fined after website users were directed to a fraudulent site which lead to customer’s personal data being leaked (£20million)
Could your business bounce back after a data breach?
Implementing a robust cyber security and disaster recovery solutions should be a priority to all organisations. Your data recovery strategy should outline how your organisation will respond to all possible data loss situations as unfortunately, as well as heavy fines and damage to brand reputation, research suggests 90% of small businesses fail within 2 years after being struck by a disaster. So If you are not prepared, you are less likely to survive.
In the case of British Airways. hackers gained access to 400,000 peoples personal data, including their booking details, names, addresses and credit card details.
If the worst-case scenario happens, it’s essential that your business is able to respond quickly and has a plan in place to resume operations with minimal disruption.
- Learn more about cyber security solutions and support
- Discover more about disaster recovery
- Visit our data protection resources
You can also get in touch by clicking the button below.